plausible deniability. Or honey pots - first compromise a 3rd party target, then wait for your adversary to think they broke in. Either trace them back or plant false data.
How does a NOBUS vulnerability cost them plausible deniability? To prove it's their vulnerability, you have to know the private key that matches a public key.
If you're setting up a honeypot, why would you use an extremely complex cryptographic vulnerability? There's tens of thousands of straightforward software vulnerabilities that allow you to set up honeypots.
These don't sound like plausible reasons for NSA to effectively allow its own assets to be compromised needlessly.
> How does a NOBUS vulnerability cost them plausible deniability? To prove it's their vulnerability, you have to know the private key that matches a public key.
Of course not. If the public key came from the intelligence community and is a possible vector for attack, then a successful attack implicates them as the likely holders of the private key. BTW, "plausibility" doesn't imply "proof".
> If you're setting up a honeypot, why would you use an extremely complex cryptographic vulnerability?
Because of it's complexity, the honey pot is less suspicious to your adversary. If you compromise a 3rd party, then install a straightforward vulnerability, that raises flags. But letting your adversary compromise the system using the same vulnerability as you is perfectly natural.
That depends on who is going to use the vulnerable system and for what purpose.